{"id":40394114,"url":"https://github.com/canonical/oauth2-proxy-k8s-operator","last_synced_at":"2026-01-20T13:00:52.431Z","repository":{"id":246346237,"uuid":"819377944","full_name":"canonical/oauth2-proxy-k8s-operator","owner":"canonical","description":"A Charmed Operator for running OAuth2-proxy on Kubernetes","archived":false,"fork":false,"pushed_at":"2026-01-19T08:10:36.000Z","size":550,"stargazers_count":2,"open_issues_count":13,"forks_count":7,"subscribers_count":6,"default_branch":"main","last_synced_at":"2026-01-19T16:37:42.143Z","etag":null,"topics":["charm","identity-platform","oauth2-proxy-k8s","python"],"latest_commit_sha":null,"homepage":"https://github.com/canonical/oauth2-proxy-k8s-operator","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/canonical.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-06-24T11:38:48.000Z","updated_at":"2026-01-17T02:19:36.000Z","dependencies_parsed_at":"2026-01-06T14:02:56.729Z","dependency_job_id":null,"html_url":"https://github.com/canonical/oauth2-proxy-k8s-operator","commit_stats":null,"previous_names":["canonical/oauth2-proxy-k8s-operator"],"tags_count":21,"template":false,"template_full_name":null,"purl":"pkg:github/canonical/oauth2-proxy-k8s-operator","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/canonical%2Foauth2-proxy-k8s-operator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/canonical%2Foauth2-proxy-k8s-operator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/canonical%2Foauth2-proxy-k8s-operator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/canonical%2Foauth2-proxy-k8s-operator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/canonical","download_url":"https://codeload.github.com/canonical/oauth2-proxy-k8s-operator/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/canonical%2Foauth2-proxy-k8s-operator/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28603402,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-20T12:01:53.233Z","status":"ssl_error","status_checked_at":"2026-01-20T12:01:46.545Z","response_time":117,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["charm","identity-platform","oauth2-proxy-k8s","python"],"created_at":"2026-01-20T13:00:32.148Z","updated_at":"2026-01-20T13:00:52.407Z","avatar_url":"https://github.com/canonical.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Charmhub Badge](https://charmhub.io/oauth2-proxy-k8s/badge.svg)](https://charmhub.io/oauth2-proxy-k8s)\n[![Release Edge](https://github.com/canonical/oauth2-proxy-k8s-operator/actions/workflows/publish_charm.yaml/badge.svg)](https://github.com/canonical/oauth2-proxy-k8s-operator/actions/workflows/publish_charm.yaml)\n\n# OAuth2 Proxy K8s Operator\n\nThis is the Kubernetes Python Operator for the\n[OAuth2 Proxy](https://oauth2-proxy.github.io/oauth2-proxy/).\n\n## Description\n\nOAuth2 Proxy is a reverse proxy and static file server that authenticates users\nthrough providers like Google and GitHub, allowing validation by email, domain,\nor group.\n\nThis operator provides the OAuth2 proxy, and consists of Python scripts which\nwraps the versions distributed by\n[OAuth2 Proxy](https://quay.io/repository/oauth2-proxy/oauth2-proxy?tab=tags\u0026tag=latest).\n\n## Usage\n\nThe OAuth2 Proxy charm can be used to enable authentication for charmed applications\nby integrating it with [Identity Platform](https://charmhub.io/identity-platform).\n\nTo deploy Charmed OAuth2 Proxy, you need to run the following command:\n\n```shell\njuju deploy oauth2-proxy-k8s --channel edge --trust\n```\n\nYou can follow the deployment status with `watch -c juju status --color`.\n\n## Integrations\n\n### Ingress\n\nThe Charmed OAuth2 Proxy offers integration with the [traefik-k8s-operator](https://github.com/canonical/traefik-k8s-operator) for ingress.\n\nIn order to provide ingress to the application, run:\n\n```shell\njuju deploy traefik-k8s traefik-public --channel latest/stable --trust\njuju integrate traefik-public oauth2-proxy-k8s:ingress\n```\n\n### Certificates\n\nOAuth2 Proxy offers integration with [self-signed-certificates](https://charmhub.io/self-signed-certificates).\nThis integration allows OAuth2 Proxy to receive CA certificates so that it can trust Hydra, the OAuth provider.\n\nIt can be added by deploying the `self-signed-certificates` charm and establishing integrations:\n\n```commandline\njuju deploy self-signed-certificates --channel 1/stable --trust\njuju integrate self-signed-certificates:certificates traefik-public\njuju integrate oauth2-proxy-k8s:receive-ca-cert self-signed-certificates\n```\n\n\u003e Note: Deploy `self-signed-certificates` from the `1/stable` channel or higher.\n\n### Traefik ForwardAuth\n\nOAuth2 Proxy offers integration with\nTraefik [ForwardAuth](https://doc.traefik.io/traefik/middlewares/http/forwardauth/)\nmiddleware via `forward_auth` interface.\n\nIt can be added by deploying\nthe [Traefik charmed operator](https://charmhub.io/traefik-k8s), enabling the\nexperimental feature and adding a juju integration:\n\n```shell\njuju config traefik-public enable_experimental_forward_auth=True\njuju integrate oauth2-proxy-k8s traefik-public:experimental-forward-auth\n```\n\n### Auth Proxy\n\nOAuth2 Proxy can be integrated with downstream charmed operators\nusing `auth_proxy` interface.\n\nTo have your charm protected by the proxy, make sure that:\n\n- it is integrated with Traefik using one of the [ingress interfaces](https://github.com/canonical/traefik-k8s-operator/tree/main/lib/charms/traefik_k8s)\n- it provides OAuth2 Proxy with necessary data by supporting\n  the [integration](https://github.com/canonical/oauth2-proxy-k8s-operator/blob/main/lib/charms/oauth2_proxy_k8s/v0/auth_proxy.py).\n\nThen complete setting up the proxy:\n\n```shell\njuju integrate your-charm traefik-public\njuju integrate oauth2-proxy-k8s your-charm:auth-proxy\n```\n\n### Identity Platform\n\nIdentity Platform is a composable identity provider and identity broker system based on Juju.\n\nIt comes with a built-in identity and user management system, but is also able to rely on external identity providers\nto authenticate users and manage user attributes. Find out more about integrating it with providers like Google, Microsoft Entra ID\nor GitHub [here](https://charmhub.io/identity-platform/docs/how-to/integrate-external-identity-provider).\n\nRefer to [this](https://charmhub.io/topics/canonical-identity-platform/tutorials/e2e-tutorial) tutorial to learn how to deploy and configure the Identity Platform.\n\nCharmed OAuth2 Proxy connects with the Identity Platform with the use of Hydra charmed\noperator. To integrate it, run:\n\n```shell\njuju integrate oauth2-proxy-k8s:oauth hydra\n```\n\nNote that `oauth` requires `ingress` integration provided by Traefik Charmed Operator.\n\nIn order to trust the OAuth provider, you must also integrate OAuth2 Proxy\nwith `receive-ca-cert` (e.g. using charmed [lego](https://charmhub.io/lego) or [self-signed-certificates](https://charmhub.io/self-signed-certificates)).\n\nAlternatively, for development purposes you can bypass certificate validation by setting `juju config oauth2-proxy-k8s dev=true`.\nDon't do this in production.\n\n## Security\n\nPlease see [SECURITY.md](https://github.com/canonical/oauth2-proxy-k8s-operator/blob/main/SECURITY.md)\nfor guidelines on reporting security issues.\n\n## Contributing\n\nThis charm is still in active development. Please see the\n[Juju SDK docs](https://juju.is/docs/sdk) for guidelines on enhancements to this\ncharm following best practice guidelines, and `CONTRIBUTING.md` for developer\nguidance.\n\n## License\n\nThe Charmed OAuth2 Proxy K8s Operator is free software, distributed under the\nApache Software License, version 2.0. See [License](LICENSE) for more details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcanonical%2Foauth2-proxy-k8s-operator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcanonical%2Foauth2-proxy-k8s-operator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcanonical%2Foauth2-proxy-k8s-operator/lists"}